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(54) SERVICE PROVIDING SYSTEM 

(57)Abstract: 

PROBLEM TO BE SOLVED: To dynamically select 
information to be transmitted/received according to the 
authority of a user, and to prevent the same operation from 
being received plural times by erroneous operation. 
SOLUTION: In a request data preparing part 102, service 
utilization request data are prepared and sent to a basic 
authentication part 106. In the basic authentication part 106, 
the user is authenticated, and in respect to a legal user, a 
service utilization request is accepted. Requested data are 
retrieved by a data storage part 1 07 and dispatched to a data 
converting part 110. The data converting part 110 inquires 
whether tagged data can be provided to the user or not to a 
policy managing part 109. Corresponding to the user ID of the 
user, the tag and the state of a utilization system 111, the 
policy managing part 109 judges permission/refusal and the 
data converting part 110 converts data so that data 
permitted by the policy managing part 109 can be disclosed 
and refused data can be hidden, and provides the data to an 
application executing part 103. 
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1This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2.**** shows the word which can not be translated. 
3.1n the drawings, any words are not translated. 



CLAIMS 

[Claim(s)] :[ : _____ ^1 _ „ 

[Claim 1] A means to be the service provision system which performs information processing for 
offering predetermined service to a user, and to store the service information for offering said 
service, A means to receive requested data including the authentication child who attests the 
demand information which requires said contents of service, the user attribute which shows said 
users description, and said user, A means to attest said user based on said user attribute and said 
authentication child, A means to determine said user's access propriety to the information included in 
said service information based on the result of said authentication, A means to retrieve the service 
information corresponding to said demand information from said accessible service information, The 
service provision system characterized by having a means to change said retrieved service 
information so that it may be adapted for said determined access propriety, and a means to show said 
changed service information. 

[Claim 2] It is the service provision system characterized by inhibiting reception of the requested 
data inputted 2nd henceforth when the multiple input of the thing with said means same [ the 
contents of said requested data ] to receive is carried out in a service provision system according to 
claim 1 . 

[Claim 3] It is the service provision system characterized by receiving the requested data inputted 
2nd henceforth [ said ] when checking carrying out a multiple input from said user when the multiple 
input of the thing with said means same [ the contents of said requested data ] to receive is carried 
out in a service provision system according to claim 2 is inputted. 

[Claim 4] It is the service provision system characterized by showing the information which shows 
that it is a multiple input to said user when the multiple input of what has the contents of said 
requested data the same [ said means to receive ] is carried out in a service provision system 
according to claim 3. Therefore, the service provision system according to claim 1 to 2 characterized 
by having the function to restrict said available data attribute. 
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DETAILED DESCRIPTION 

[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to the service provision system which performs 
protection of privacy, and unjust use prevention of contents by offering service suitable for what has 
a right especially about the service provision system which offers distribution of contents, and use of 
contents as service. 
[0002} 

[Description of the Prior Art] By development of the information communication technology 
represented by the Internet, through a network, contents, such as music and a ^ame, are distributed 
or, generally the service which can perform inquiry for the balances and transfer is spreading from a 
cellular phone or the personal computer of a house like Internet banking. However, while 
corresponding to a service users various needs, the need of fully taking into consideration the cure 
to the threat on an information security came out, because a service user becomes many and 
unspecified persons. 

[0003] As shown in JP,2000-82039,A "a display-control information generation method and a 
computer", in order to offer the user interface according to each capacity as correspondence to 
various needs to the client terminal which has various capacity, there are some which generate 
display-control information, such as HTML, dynamically with reference to terminal attribute 
information. 

[0004] Moreover, as a technique for securing an information security, JP,2000-1 9960,A is describing 
the "remote-operation approach" as follows. That is, if a user inputs a control signal in case a control 
signal is transmitted to a control unit from an operating station, the right of actuation is generated 
next time, and in a control unit side, a control signal and the signal which contains the right of 
actuation the right of actuation and this time next time will be enciphered with a common key, and it 
will transmit to an operating station. The right of actuation is memorized to an operating station next 
time. In a control unit side, the transmitted cipher is decrypted with a common key and the right of 
actuation is acquired the right of actuation, and next time a control signal and this time, it judges 
whether it is in agreement with the right of actuation which has registered the right of actuation into 
the control unit side this time, and when in agreement, a control signal is sent to a control equipment. 
The right of actuation is registered into a control unit side next time. 
[0005] 

[Problem(s) to be Solved by the Invention] There are the following problems in this conventional 
approach. That is, although the contents offered based on the terminal attribute information 
transmitted from a client terminal are dynamically generated in case contents are offered about 
JP.2000-82039.A, it is not considered whether there is any authority for the user who is perusing 
using a terminal to peruse the contents. In the case of that in which contents contain important extra 
sensitive information, a thing to be protected [ of privacy ], the thing with which only a member is 
limited and provided, it is necessary to perform generation and distribution for contents in 
consideration of the authority of the contents user who becomes an offer partner. 
[0006] moreover, JP,2000-1 9960.A — being related — from an operating station — mistaking — 
multiple times — when the same actuation is performed, a control unit recognizes it as the just 



control signal having been sent two or more times, may repeat the same control and may be 
performed For example, there was a problem of transferring a large sum beyond the need, without 
detecting it, when this technique was applied to Internet banking, and multiple-times transmission has 
been carried out accidentally [ signal / transfer actuation ]. 

[0007] The purpose of this invention is to offer the service provision system which selects 
dynamically the information offered in accordance with a users authority, and the information to 
receive. 

[0008] Other purposes of this invention are to offer the service provision system which is not without 
a check of a user a multiple-times receptionist, also when multiple-times transmission of the same 
control signal has been carried out accidentally at service utilization time. 
[0009] 

[Means for Solving the Problem] A means for this invention to be a service provisjon system which 
performs information processing for offering predetermined service to a user, and to store two or 
more service information for offering said service, A means to receive requested data including the 
authentication child who attests the demand information which requires said contents of service, the 
user attribute which shows said users description, and said user, A means to attest said user based 
on said user attribute and said authentication child, A means to determine said users access 
propriety to the information included in said service information based on the result of said 
authentication, It has a means to retrieve the service information corresponding to said demand 
information from said accessible service information, a means to change said retrieved service 
information so that it may be adapted for said determined access propriety, and a means to show said 
changed service information. In addition, a display of accessible information is enabled and it includes 
inhibiting presenting of the information which cannot be accessed in conversion. 
{0010} Moreover, with another gestalt of this invention, it is characterized by inhibiting reception of 
the same requested data. 

[0011] The others and following service provision system is also contained in this invention. The 
service provision system which has the requested data creation section which attaches a user 
attribute and an authentication child and creates a request, a user attribute and the basic 
authentication section which performs user authentication from an authentication child, the policy 
Management Department which specifies an accessible data attribute, the data storage section which 
takes out the data demanded based on a request, and the data-conversion section with which 
reconstruct data according to the data attribute specified by the policy Management Department, and 
a user is provided. 

[0012] Moreover, the service provision system have a confirmation-qf-receipt value, the application 
activation section which attach a user attribute and an authentication child to the actuation demand 
characterized according to the data attribute, and transmit to it, a user attribute and the basic 
authentication section which perform user authentication from an authentication child, the use 
hysteresis Management Department which confirm whether a confirmation-of^receipt value is a thing 
[ finishing / reception ], the policy Management Department which specify an accessible data 
attribute, and the command analysis section which analyze in an actuation demand and operate in a 
use system based on decision of the policy Management Department. 

[0013] Furthermore, in each above-mentioned service provision system, the policy Management 

Department has the function in which a user attribute restricts an available data attribute, and the 

function to restrict an available data attribute according to the condition of a use system. 

[0014] Furthermore, the service provision system by which the basic authentication section has the 

function which updates a confirmation-ol^receipt value, and the function which enciphers a 

confirmation-of^-receipt value in the form which only a user can decrypt is also contained in this 

invention. 

[0015] Furthermore, the service provision system which has the function to check that the 
application activation section has received the confirmation-of^receipt value answered from the 
basic authentication section, and the function to decrypt a confirmation-of-receipt value and to save 
an actuation demand next time for transmission is also contained in this invention. 
[0016] 



'[Embodiment of the Invention] Hereafter, the gestalt of operation of this invention is explained using 
a drawing. As one gestalt of operation of this invention, the block diagram at the time of applying this 
invention to a plant SCS is shown in drawing 1 . To drawing 1 , a means by which the service use 
section 101 receives information from the service provision section 104, and a means by which the 
service use section 101 operates it to the use system 111 are indicated. 

[0017] The service use section 101 consists of the requested data creation section 102 and the 
application activation section 103. The requested data creation section 102 sends a demand of a user 
to the service provision section 106 with user ID, a password, etc. The application activation section 
103 peruses the data passed from the service provision section 106, or operates it to the use system 
111. 

[0018] The service provision section 104 consists of the use hysteresis Management Department 
105, the basic authentication section 106, the data storage section 107, the policy Management 
Department 109, the data-conversion section 110, and the command analysis section 108. The use 
hysteresis Management Department 105 manages a users use hysteresis. The basic authentication 
section 106 attests a user. The data storage section 107 stores data and searches required data 
according to a demand. The policy Management Department 109 judges [ to which data use is 
permitted / or or ] whether refusal is carried out. The data-conversion section 110 changes data into 
a form with an available user. The command analysis section 108 analyzes the actuation command to 
the use system 111 sent from the service use section 101. 

{0019] First, the service use section 101 explains the processing flow which receives information 
according to drawing 2 from the service provision section 104. The service use section 101 specifies 
the data I want you to give and provide with authentication information in the requested data creation 
section 102 (step 201), and requires them of the service provision section 104 (step 202). A user 
attribute and an authentication child check correctly whether it is ******** with relation in the basic 
authentication section 106, and a user is attested (step 203). If a user is attested, the basic 
authentication section 106 will perform the retrieval demand of data to the data storage section 107 
(step 204). The data storage section 107 searches the demanded data (step 205). Here, each data 
element is characterized with the tag as a data attribute by the data stored in the data storage 
section 107. The data-conversion section 110 reads the tag of the searched data with a tag (step 
206), and asks the policy Management Department 109 whether an applicable user may be provided 
with each data with a tag (step 207). The policy Management Department 109 judges authorization 
and refusal of data offer based on the user ID and the tag which the basic authentication section 106 
attested (step 208). Based on the judgment result of the policy Management Department 109, the 
data-conversion section 1 1 0 indicates the data to permit, and conceals the data to refuse (step 209). 
The data-conversion section 110 performs cryptocommunication, in order to provide a user with the 
created data (step 210). The existing technique, such as SSL, can be used as the 

cryptocommunication approach. If the data which used in the pair the public key which can be opened 
to everybody in a public key cryptosystem, and the private key which must be made secret in the 
individual here, and were enciphered with the public key are not a private key used as a pair, they 
have the property in which it cannot decode to the original data. Only the attested user can be 
provided with data by enciphering and passing the cryptographic key used for cryptocommunication 
with a public key using this property. A user s public key guarantees the owner of a key, when the 
independent organization which can trust it publishes a digital certificate. 

[0020] The concrete image for every processing step is shown below. The example of the requested 
data creation section 102 is shown in drawing 3 . In drawing 3 , user ID 301 is chosen as a user 
attribute, and requested data 304 (here, they are "a pump and a bulb") is chosen from the service list 
303 wishing use as data I want you to offer. It is enciphered with the password, and a users private 
key has the term which enters a password 302, in order to decrypt this. The decrypted private key is 
used for performing a digital signature to user ID 301 and requested data 304. By pushing the "log in" 
carbon button 305, the certificate 402 of the public key which is user ID 301, the set of requested 
data 304 and the digital signature 401 of this, the private key used for the signature, and a pair like 
drawin g 4 is transmitted to the service provision section 104, and it requires of the service provision 
section 104 (step 202). Since user authentication can be performed by verifying a digital signature 



401, with the gestalt of this operation, a digital signature 401 is used as an authentication child. In 
canceling, it pushes "cancellation" carbon button 306. 

[0021] In the basic authentication section 106, a certificate 402 is verified and a right public key is 
acquired. A digital signature 401 is checked using a public key, and a user is attested (step 203). 
When it is able to be checked that he is a just user, the basic authentication section 106 passes user 
ID for the retrieval demand of the data demanded from the data storage section 107 to delivery (step 
204) and the policy Management Department 109. The data which correspond according to the 
passed data demand are searched with the data storage section (step 205). "The pump and the bulb" 
are passed as requested data 304, and the file relevant to the supervisory-control screen of a pump 
and a bulb is searched with this example. The example of the searched file is shown in drawing 5 . 
The data in a file are characterized with the tag. 

[0022] Here, <x>y </x> characterizes and Data y are characterized with Tag x. The data file of this 
format has a standard description language called XML {extensible Markup Language). In the case of 
drawing 5 , pump tag 501 a connoted the components which constitute the supervisory-control screen 
of a pump, and has generalized stop tag 501 d which performs watch tag 501b which makes a monitor 
screen, start tag 501c which performs pump starting control, and pump halt control. Similarly, valve 
tag 501 e connoted the components which constitute the supervisory-control screen of a bulb, and 
has generalized watch tag 501f which makes a monitor screen, open tag 501g which performs control 
which ©pens a bulb, and close tag 501 h which performs control which closes a bulb. By this example, 
the screen configuration program 502 for performing supervisory control is placed as data surrounded 
with the tag 501. 

{0023] The above-mentioned data file with a tag is passed to the data-conversion section 110, and is 
taken as the master data for constituting the data shown to the service use section 101. In the data- 
conversion section 110, the data to which the tag 501 was read (step 206) and the corresponding tag 
501 was attached are asked [ whether you may provide for the service use section 101, and ] to the 
policy Management Department 109 (step 207). At the policy Management Department 109, 
authorization and refusal about offer of data are judged from the user ID 301 passed from the basic 
authentication section 106, and the tag 501 passed from the data-conversion section 110 (step 208). 
[00241 The matrix for performing this decision is shown in drawing 6 . In drawing 6 , it is user ID 301 
a-c and the matrix of tag 501 a-h, and Ox within a matrix is expressing authorization and refusal. For 
example, it is refused for it to offer a halt control screen that user ID 301 offers the monitor screen 
of a pump to the user of user A, although the permission is granted. The conditional statement in a 
matrix describes the conditions for permitting information offer. In conditional-statement 601a of 
drawing 6 , it has set up with "IF power-source =ON" as conditions for user ID 301 to offer a pump 
monitor screen to the user of user B. This is restricted when the power source of a pump is ON, and 
it means offering a pump monitor screen. Similarly as conditions for user ID 301 to offer a pump 
starting screen to the user of user A Conditional-statement 601b describes as "IF t>9:00 and 
t>17:00" that time of day t is from 9:00 to 17:00. As conditions for user ID 301 to provide the user of 
user B with a pump halt screen, conditional-statement 601c has described that the rotational 
frequency of a pump is less than 10000 as "IF rotational frequency <1 0000." 
[0025] In drawing 3 , the user of user B has advanced the service use demand of "a pump and a 
bulb", and user ID 301 presupposes that the data file with a tag of drawing 5 was searched 
corresponding to this. In the data-conversion section 110, the file 701 from which it cooperated with 
the policy Management Department 109, and the format of drawing 7 was changed is formed. The 
power source of a pump is ON, when the rotational frequency of a pump is less than 10000, to user 
B, presentation of a pump monitor screen, a pump halt screen, a bulb monitor screen, and a bulb 
close screen is permitted, and drawing 7 is made into the HTML file which is the data format at the 
time of offering information by Web. The service user who received the data of drawin g 7 shows the 
image perused by the web browser to drawing 8 . On a screen, the pump monitor screen 801, the 
pump halt screen 802, the bulb monitor screen 803, and the bulb close screen 804 are displayed. On 
the other hand, the power source of a pump is off, and since offer of the pump monitor screen 801 
and the pump halt screen 802 is refused when a pump rotational frequency is 10000 or less, the 
screen which can peruse the service use section 101 turns into the bulb monitor screen 803 and the 



' bulb close screen 804 like drawing 9 . 

[0026] As mentioned above, although the case where a supervisory-control screen was perused was 
described, the same processing is possible also when perusing a common document. Secret papers 
1001 like drawing 10 as a data file with a tag are searched and carried out from the data storage 
section 107 to the perusal demand of secret papers. Secret papers 1001 are managed by secret tag 
501 i, and define s1, s2, and s3 tag here according to security level, respectively. For example, ****** 
level and s2 tag 501k can define management level and s3 tag 501 L as extra sensitive information of 
officer level, and s1 tag 501j can constitute secret papers 1001. The data-conversion section 110 
reconfigurates this data with a tag, and the data which can be offered by inquiry of authorization and 
refusal to the policy Management Department 109. 

[0027] At the policy Management Department 109, authorization and refusal are judged using the 
matrix shown in drawing 1 1 . The perusal possibility of and user ID 301 show that all data can peruse 
the user of user C except the officer data with which, as for the user of user B, s3 tag 501 L 
attachment of the perusal possibility of and user ID 301 was done only for the ****** data with 
which, as for drawing 1 1 , s1 tag 501 i attachment of user ID 301 was done, as for the user of user A. 
User ID 301 changes into a "****" mark the data surrounded with s3 tag to the user who is user B, 
and makes the data-conversion section 110 perusal impossible here. The example of the changed 
HTML file is shown in drawing 12 . The HTML file offered from the data-conversion section 1 10 is 
passed to a service user's application activation section 103 by the cryptocommunication of step 210 
described previously. 

[0028] This example of a screen display is shown in drawing 1 3 . If there is no private key for 
decrypting the cryptographic key used for cryptocommunication even when a third person intercepts 
the data which flow a network top, it will become possible to prevent the display of the screen of 
drawing 10 . 

[0029] With the gestalt of this operation, if a user changes or the condition of a use system changes, 
the description will be in the place where the information to offer also changes, and security and 
privacy protection will be realized. 

[0030] Next, how the service use section 101 operates it safely to the use system 111 is explained 
using the processing flow of drawing 14 . By pushing the pump earth switch 805 in drawing 8 as an 
example, the case where a pump PAUSE command is transmitted to the service provision section 
104 is considered. 

[0031] When the pump earth switch 805 is pushed, the application activation section 103 creates the 
set of the value and command which have taken the synchronization in the service provision section 
104 and the service use section 101 as one data (step 1401). Time of day, a counter, etc. can be 
considered as data which have taken the synchronization. 

[0032] As shown in drawing 1 5 , let a command 1 501 be data with a tag. It is shown by command tag 
501m that it is a command, and target tag 501 n shows that it is the command which suspends a pump 
by the transmission place of a command, pump tag 501a, and stop tag 501c. "ad%f38 wh!f74" is the 
control signal 1502 which should actually be transmitted to the use system 111, and is a special value 
depending on the use system 111. 

[0033] Next, it is enciphered with user ID 301 and a counter 1503 using the cryptographic key 
generated at random (step 1 402), and the command 1 501 as data with a tag forms the code data 
1504. A cryptographic key is enciphered with the public key of the service provision section (step 
1403). The code data 1504 and the enciphered cryptographic key 1505 are signed with the private 
key of the service use section 101 (step 1404). In the application activation section 103, the digital 
certificate 1507 for verifying the code data 1504, the enciphered cryptographic key 1505, the 
signature data 1506, and a signature is made a set, and it transmits to the basic authentication 
section 106 (step 1405). 

[0034] In the basic authentication section 106, a digital certificate 1507 is verified, a users public key 
is acquired (step 1406) and the signature data 1503 are verified with a public key (step 1407). The 
basic authentication section 106 decrypts the cryptographic key 1505 enciphered using the private 
key of the service provision section 104, and obtains a cryptographic key<step 1408). The code data 
1504 are decrypted using this cryptographic key, and a counter 1503 and a command 1501 are 



"obtained (step 1409). The basic authentication section 106 asks the use hysteresis Management 
Department 105 a counter 1503, and it confirms whether be a thing [ finishing / reception / already ] 
(step 1410). If it is reception ending, a command 1501 will be refused (step 141 1), if it is not reception 
ending, this users counter 1503 registered into the use hysteresis Management Department 105 will 
be updated to the newest thing (step 1412), and a command 1501 will be passed to the command 
analysis section (step 1413). For example, when a users counter 1503 saved in the application 
activation section 103 is n, the value of a counter 1503 is attached as n+1. When the transmitted 
counter 1503 is below n, it judges that transmit data is already reception ending, and dismisses. If the 
transmitted counter 1503 is n+1, a command 1501 will be attested and the registration value of the 
use hysteresis Management Department 105 will be updated to n+1. It is enciphered with a users 
public key and the new counter 1503 is answered by the service use section 101 (step 1414). In the 
application activation section 103, when the enciphered counter 1503 is received, a confirmation-of^- 
receipt screen is displayed (step 1415), a counter 1503 is decrypted with a users private key, and it 
is saved for the next command transmission (step 1416). 

[0035] With the gestalt of this operation, the description is in the place which has prevented 
reception of the multiple times of the same command using the value which synchronizes in the 
service use section 101 and the service provision section 104. In the case of the system using the 
Internet, there is an unlawful access technique of the resending attack which transmits the data 
intercepted in the middle of the network as it is, and this is prevented. 

[0036] Moreover, also when the multiple-times carbon button has been pushed accidentally, two or 
more same commands cannot be received and an operation mistake can be prevented. Moreover, it 
can also be checked that the transmitted command has been certainly sent to the use system 111. 
10037] The processing flow in the command analysis section 108 is shown in drawing 1 6 . The 
command analysis section 108 analyzes the tag 501 of a command 1501 (step 1601), and asks the 
policy Management Department 109 use authorization of a tag 501 (step 1602). At the policy 
Management Department 109, authorization and refusal are judged based on the condition of user ID 
301, a tag 501, and the use system 1 1 1 (step 1603). In refusal, the purport user who is refusal is 
notified (step 1 604), and the control signal 1 502 which was surrounded with the tag in authorization is 
transmitted to the use system 111 (step 1 605). 

[0038] With the gestalt of this operation, also when data formats differ for every device of a 
controlled system (for example, pump) by surrounding a control signal 1502 with a tag 501, and 
transmitting (A company is X method and B company is Y method etc.), if the controlled system itself 
is the same, the description is in the place which can perform an access control with the same 
method. 
[0039] 

[Effect of the Invention] As stated above, according to this invention, the contents itself offered 
according to the condition of a user or a use system can be changed, and security and privacy 
protection can be realized. Moreover, a resending attack and an operation mistake can be prevented. 
Moreover, also when data formats differ for every device of a controlled system, the description is in 
the place which can apply an access control with the same method by a controlled system being 
characterized with the same tag. 



[Translation done.] 
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strES«it-5^si±. fiES*x— 5>rort§roi^i:t<D 
ka* stife^*^-* ssti-r * c t * nmt -r 

[W*iS4] 8l*«3lcE«<D-9— exSttv^^rAlc 
*<«8lA*i£*ifc*B£l~l** 1fflE*>JffliHcftLT. 

A*-e&-5> - 1 £^-rffi«£tt*-t-5 c <b £4$«i<fc -r a 

[*H©l¥«l*lftW] 
[o O 0 1 ] 

X*l<rtvX^Alc|§§L» 4#lz s iadHWi:: 
-y— fc** £i§<ft-T -5 - <fc T ^ 1" / < a>-r 

-r-s.. 

[0 O 0 2] 



2 

M=ft***i*1MEMM* 
flf<D*Mlc«fcoT. h-7— ^**L-C**-V>y— A 

> © J: 3 l=«*««Hf«a> / < V a 6 MM* 

fisw* £ft *. * -y— e a l r # r l * a » 
■y—exftiffl#©^»ft--xi=«ic-r •settle 1* 

io [0003] £«fc--x^©*tJ£<t lt. mmtftm 

2000-82039^ r^ftl]®««±)a*j* *3<fct/ 

£#gg lt htm L^o**«y®isa[^i!iMic^fiE-r-5 
[ooo4] SfcWffi-tr^i'j^-r ^st«-r-5fctoroj$ 

fl5i LT. !^BB2 0 0 0-1 9 9-6 0#TI* rjSfiljgft 

^^A^-T^t. *tHll§f**£3S±L. «I«I»B«TI* 
*HSP<I^- <t X@ »(*« <t * BUM**** t? $A1S 

i:-^)^■r-5A^^*|J^L. -a-r«.a^i*ftij®tti«icwffli 

Jfc@«H**l*M»»««ll=»***L4. 

[O O O 5] 

30 [fEKA^aiLJ: ; ?«i:-r-i>Sa] **»4***atJ=fc^ 
Tli3fe©«fc5nfHS*<fc-5. 1fga2 0 0 0- 

8 2 O 3 9#|Cg|LTI*. a>^>^^att-r*fg|C 

■3L>TiS«-r-5)a>T L >^$»iMlc^jS-r-5*<. 4g3l5^ 
ipjffl L TKK L T U i>ip]ffl#A<-?-<D a >^ > ^ $K!|-r 

S«tffi¥<tJS*a>T->^Jffl#<D«K*#*L 
40 Ta>^r>^if^ ■ E«.£ff# 5 

[0 0 0 6] <^BB2 0 0 0-1 99 60-^lcBlL 

tetfcLT. HL*Jffll*»yiSL*ftLTL*-5W-1fettA* 
ffl-r-5«t. fia^aif^«^*KoT««Usl2l«LTL* 

[0 0 0 7] ^fEB^OSWIi. f<Jffl#<0«IISI=;tt-oTtS 

50 «-r-5i««. «tt**«Mi*»flw=ttitawi-r*-»— f 
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[0008] *3£ej3<z>tea>gWi*. U— tfx*]fflB$icK 

[0009] 

fnaf»jffl#^^a^^ 

EBK0>IHRI=&'4l-* a C. net- tf*««l=:d**L* 
■fe*WB«r»— &3t**t 

1fMR*SM*-r **** 7* 

oasFtWit-T * - * *»t?. 
[0O1O] *JMBO)«a)»B-Cfl*. BCB*^ 

— * a>*«*«Ut"r * - £ &&8it -f £ e 

tfBE£frJS:5a.*BE»£* T^-trXRlfifcfc:^ 

[0012] &a«Btt£« *Btti=*or 

««ftl*&*tfc«ff**l=* i-ifBttirBETfcBtt 
BEWSi-tfBE*frtt5»*BE»i:. BBBB 

[0 0 13] ±B0>*— tfXfilfltvX'rA-tn 

St4o 

[0 0 14] S&lc. S*BEatt<. i&IitB<I£JgSr 
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[0 0 15] T^U^"i/3>llfTffl^ &* 

BBBfr * HfciHiliiBfig L fc - fc «BB 
■J-««tti, BBBBBWM LTBttSftftkflS 

[0 0 16] 

IS&W&faVtemi GIT. **MH<D8Bfi<0»BS. B 

hBB«B^^Ai=*BB«BBL«:*tfa>7a 
^^B*B 1 ic^-To Bi lei**— ex*jJBSgl 0 1*< 
»— extt«»l 0 4^b«*$A¥t4¥S^, *— 
exfijfflfipi O 1 ^JfflvXfAi 1 Hc»LTflMt* 
frtt5*Bi*EBLTL^*. 
[oo i 7] £x5p]J8SPi o 1 l£. S*^— Sf*J£ 
ffll 0 2t7?U^- *>a>SH¥»i 03fr64«. S 
*f*«»i 0 21*. «ffl#a>B*S- If I D. 

20 ztVr— i/3 r/»T»i 0 3ii*— exBtttti 0 6*> 

*£HKL/=y. ^v^f^i i n: 

[0018] bf*»*«i 0 4 1*. jpjfflBsesSP 
10 5. &*BEffii 0 6. *»ttffln 0 7. *u 

V-gI9 1 0 9. *ft»»1 1 0. 37> K»*T 

»io8^b^. ?«iB«fi«sffli o 5 \tmm*(om 

ffllS^flt^o £*BEffln o 6I**]JS#<3BE£ 
*Tfc5o £»*ft»1 o 7 liir-$ Ltfc^I 

30 o 9i*t— *«H*i»pr-r*^fi5-r«^**iw-r*. 

1 ottfiJBVtffilfflWBftBlw-x— 

3 7>k«whh 0 8I*. »-ex««»i 

0 14i&£&2hfeHBi'*7Al 1 i i£*rr£g^=i ^ 

[oo i 9] *-r. *— ex«jH»i o itf*-exa 
tkb-t*. »— exfijfflspi o 1 1*. ^*-r— 

ffll 0 2lzfct^TBE1ftS[^^Lrti«LrS:Lt^7 ^ 

— 5«^*iSL »f;?2 0 i) . it— tfxg#an o 
40 4lzS*-r€> Wf-;^2 0 2) o S*BMep 1 O 6 T* 
^Mtt^BE^iESSlz^a^lN-C^^^^ffiBL 

E**i^t. S*BESP1 o 6l*-r— ^«ttS5l o 7 iz 

^c^oT^®^«tr^4o t— ?St»SPl 1 OI4. « 
50 0 6) . &/7(7)^^##7 : -^*e^^Jffl#^SI^L-C 
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af^207) o v-©^fi»i o 9liS*KBE 
951 O 6 #1211 Lfr3- — if I D t$<?£ljt\Zir-$fe 

[0 0 2 O] ^*Ja 20 

TI^*To 2fEj£SP1 O 2(Daft^i*EI3(C^ 

■To S3T*li. 3.-ifJS14<h LT3.— if I D3 o 1 % tl 
^LrStL^f-^d: LT*JJB#Mif- tfX'JX K3 O 

li % JL— if I D 3 O i tW&^—Z 3 O 4 l^>^LT^>r 

3 0 5£#"f Cl^lCcfcy. g)4(7)cfc5l^. 3.— if I D3 30 

oUI*f-^3 0 40-ir^h, z;ft <D T-r v£ ju¥ 

fil<7)liE^*4 0 2^if— 0 4l:ML, it 
— 0 4ICS3R-T* Uf^?2 0 2) o 

-fv^;H«4 0 1 £«i5Et-£C<tlCefcoT3_-ifi21jE 

Ltf^v^H*4 0iSffli^ 0 ^-\*>-t?;u-r3ii 

[ O O 2 1 ] £#StiESfl 1 O 6 T*lotiiEBJ# 4 0 2 £J£liE 
U jELl^BB«t*Brti"r*o. ^B8SI*fflL>T -r-r 40 
;US£4 O 1 £^i*><7 LT^Jffl^CDlSE^frfc^ (X 

f^203) o iE%temm%T'&z>z.ttmm-c$tz 

a^lcli. £*gBSP 1 o 6 (ST— 1 o 7 icJt 
4) . ?K«Jv— O 9lzJ4LT3.-if I 

■f 4 Ut^205) o **lfcfii|-e ■ 

liI*f-^ 3 0 4d:Lt TtK^^^/^u^j £&LT 
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[0022] ZZt% <x>y</x>li^r— £ fxlzftm 

Xtensible Markup Language) £ I* 5 flWKl4:1B&SKft< 
$)^)o H50)ii^ pump^^501ali*>^E 

a t c h*^5 O 1 b. tf>:?e»Mffl£*Tfc:? s t a 
rt^501c, *>^ffitiSJ«I.Sff<i:5 stop* 
<f5 O 1 d^«tSLTL^o l^flMcLT. valval 

^5 0 1 e l*/<)\,z?<DE&mmMm&m&+Z&&£to 

SL, g%Il$^^wa t c h^^50 1 f . 
SMKftHWftffftd ope n^50 1 g. /^U^*« 
U£©H£P£*7#5 c I o s b*<?5 O 1 h £fitSLTl^ 

[0023] iiEa^^tt^— ^77-<;uif- 
am i oi-x**L. if— exfijfflgpi o 1 izsi^-r^ 

95 1 1 0 5 O 1 l J (X^^^2 O 

6) „ sti-r^s^s o i wtti^-T— *£it— exfij 

ffigpi o 1 lc|l#LT<fcl>^5fr#'J MHKl o 
i o 9 -eii. S^iSiiEfiP 1 o 6 fr*Sfc**u=3.— if i d 

301t, ^r— *SEam 1 0^8^**Ltc^^5 O 1 
(X J r^^ , 2 O 8) o 

[0 0 2 4] z<0^JB?i£*73:5fctf><7>-? hU 
6 iC^fo El 6 -eii^-— if ID301a-ci:^5O 

— if I D3 O 1 tfuser A0)3.— if lzttLX#^Zf<D9£m 

6 0 1a Xit. 3.— if I D301 A<user B(D3-— if left 

LT;K>^Kaii®*ffi«*ri>tctf)<D*#«b:ur r I f 

7b<^>0)«^(c|Sy. 7K>^K«Pl®^fil«'r^Ci:^ 
a"f o f^«l^ LT. 3-— if I D 3 O 1 tfuser A0)3_— if 

B$£l)t7b<9 : 003^617: OOft^CtS, -ft 
tt^6 0 1 bl:t n F t>9 : 00 and t>1 

7 : 0 OJ £ LTlEaiL. 3.— if I D3 0 1 jb<user BO) 

7K>^0)[E]$E»)b<1 0 0 0 0*ffiX$>Z>Z££. ft#X 
6 O 1 c!CT r I F @*e»< 1 O O 0 OJ «b LTSB^ 

[0025] ID 3 T*li3_~if I D 3 0 1 tfuser BCD 3.— 
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y. z^(c«jsltE5(Z)^^^tF-^^t-<;u^ 

Jlffil 0 9il«LtB7(D»aoJtjl*iife7 7^JU 

7 o i *»«-r*. jKvJoiWtve, #>:?<d[s] 
C1U<1 O O O 0*3i(Dli^lc(iuser BdfcfLT. 
:7E«BB. 7K:/^f*JtBB* /<;u^EaiIffi. /^u:? 

We b^^ifTrBSlJSLfc-O — v*H8lz^-r o bb 

2. /<ju7MHra 8 o 3 . j<)\,7mmm& o 4*<a^ 

lOOOOJUTflOWlCli, ^>^S«li®8 O 1 . 

«JB»1 O 1 A<BBKTf#«Hffil4H9a)«fe3lw/^^lE 
^U®8 0 3fcJ:t;/<;U^®@8 O 4IC&6. 
[0 0 2 6] fil± % K1MWMtBBIt-r*»*^oL^ 
T&^fcj^ -«©£»*BIt**«*r=4iW***Hi 20 

f 1001lisecret^501 i tf -fe 
♦aUf-f l/^H=KCt s1. s 2. s3$^f£*-*t 
-ftlSS-r^o 09*14. 81^^501] ttttMBU'* 
JU. s 2*^/5 O 1 kttlMll/^k s3^501L 

it&R\s<<)MDm&tftmt LxmmL. tnrxsi oo 

#'J*>— «3MM 0 9>MDHFnT ■ *§ 30 

[0027] #U5/— 0 9-eii. Bi i \^ir 

1 |* % if I D 3 O 1 *<user A(D*]JB#I4 s1^5 
0 1 i ftitStifcttrtWT 5 — *©*BBIRr*. a—If I 
D3 0 leaser B<0fijffl#f4s 3>{f&01 Lttl*£;K 
fcSa^-^^liBgKRr^. a— tf I D 3 o 1 *<user 

-To ::tf-^^i 1 o(4. -l— if i D 3 o 1 ^ 
user B-efe^5pjffi#lc«Lr(is 3^^-eS^tifc^— 40 
^r*** *j 7— ^icKlftLTBVFttlcL-Ci* 

-So Wft**lfcHTML?T-OU©«£Bl 2lC^-T 0 
-r— $3E»fi&1 1 036>ba**ilfcHTML77-fil 

i*. ftica-^fcx^*^ i ooB&^iitici^y+r-tr 

[0 0 2 8] CKDBffiSaMM** BO 1 3IC7^-f e *^ h 

9 - $ ± £ 3m « -t— $ $-mH#/j<igK l tz m & X ti . 

lt*U4* Hi 0<Dliffia)S^SR6it"f ^C<b*<pTfill-^p 

50 
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[0029] *ftlfca>»fl|-cii« Wt«feotu*i 

[O0 3O] if— O 1 ^Iffii/Xf 

Ai 1 llc»LrS±lc8lff*fT3S:5^jS^o^Tiai 
r#>^ffih#*>8 0 5tlf-r^i:i=*or. 

[0 0 3 1] " 5K>^#Jt**>8 0 53^»**Lfc*^ 
if-exffl«»1 0 4 tif— e^«ffl»1 O 1 TfWJH* 

XT~J X )*T — S/3->j£firSM O 3 l4fEjK"3~ & (*t-v^ 
140 1) o BUBftBloT^ix— *<t LTtettSH** 

[OO 3 2] Bi 5lz^-r«fc5lca-7> Kl 5 O 1 I*. 
*<ftt&T— $ t-?Z>o 37>Kr*fc«iuilicomm 
a n d O 1 m**fl*3*U target£^501 

n*<3-7>K0)a{15fe. pump^SOIafcctl/s 
t o p*^5 O 1 clC^y. 7p>^Sffih"r*ZlV> K 
t'fe-SCtSfvto r a d%f38wh ! f74j 14. 

1 i ic»LT*W::»«*ft*^**« 

«*1 5 0 27* fiJffii>X^A1 1 1 lctfe#-r«»gij3Ec 

[0033] $^f-^i!:Ltfl)37>Kl 
5 O 1 I4-3-— if I D30U*^>^ 1 5 O 3 <b £ t 

7^1 402) . B&^ir— £ 1 5 0 4*Mt4, B&-^ 
■I4»— ex««»0)»B«lf«HMfc"r* (X^r^^l 

4 0 3) o (Mtt—* 15 0'4feJ:t)EBt*fc**lfcBt* 

a i 5 o 5 (4. if — tf xpjfflgp i o i owmmx-sz * 

*l£ (X-Xt^l 4 0 4) o 7?*)*— ->3>SiflWl 
0 3TM4. Mf-> 1 5 0 4. MftihfcMBi 

5 0 5. ^ 1 5 O 6. S«*«ltiE-r-5)f-A(Dm 
^liEB^Sl 5 o 7^-tr*> hlcLTS*KliE$Pl O 6ICJS 

(Xt*^1 405) o 
[ O O 3 4] S*12ilffl5 1 O 6 TM4. m^liEBje 1 5 O 
7*«liiELTa.— ifCD^BSfi^lSliL WfV?140 
6) . m%^r—$ 1 50 3*^gBar*«liiE-r^> Wf*; 
?1 407) . S*mBEWi 0 6l4if-extl«SPl O 

40)»ttBtffl^T«NWt**LfcM»«1 505m 
^bL. P6"^fil*l#^ «f*;?1 4 0 8) o C(7)Bt^a 
^fflL^rBg-^ J f-~^ 1 5 O 4£«*HfcU 1 5 

03i37>Kl50lS1»4 Uf^1 409) . 

3S*BKfiP 1 O 6 14* ^ >^ 1 5 O 3 £ *l JBHS^Sgfl 

^^x^^-r* cx^f^^i 4 i o) c a«*^-cfc*i 

14. 37>K1501 J£§L (X-x^^l 4 11). 



(6) 



4*§fl2O02-1 57223 



9 

TtN^Ka- VOftO^* 1 5 0 3 ^fiSra^ttdSSr 

L 4 12) „ 37>K1501$37>K 

»*H»ic«-r cx^r^^i 413). mx.&. t-jvt 

$ 1 5 0 3A<nrfcofc»*. 1 
n + 1 atM^c 1503A< 
n KIT aims aid?— *l4HlC»«»^T»ft«t 
flKLrSJT-r*. 1 503^n + 

1 rfc*U*av> Kl 5 O 1 £i2EEU fijffiHSg^SU 
1 0 50)Sfil*n + 1 icMM^o 89Sa>*iO>* 1 10 

i o i \zmmz*i& (xf7?i 4 1 4) 0 t^'j^- 

V 3 >ggfrSP 1 0 3TM*. 0g^t£*l*:*JO>* 1 5 O 
4 15). 3.— +f©Wffifi-e*^>^ 1 5 03^t 
1416) o 

[0035] *3l*S0>ff^r*ii. -9— exipjfflgpi O 1 

exti^fiPl 0 4rj^&Lri>£ffi£ffll^r|5]i: 

[0036] g|or«»0**>£»LTL£o 
7b<«t3llcfJjffivX^Ai 1 1 lc£*;ft/cC<b**iIg-f £ 

[0 0 3 7] 37>KS«f»1 O SlCfclf^fllS^P- 
£B 1 e\Z7jk-t 0 37> K»«fSP1 O 81*. 37>K1 30 
5010)^^501 £fi?#rL (X^f^l 6 O 1 ) . ?K 

0 9iz^^5 o 1 <Dmmwfsi&mi^t> 

1±£ (X^r^^l 6 0 2) o #U->— «SflM O 9TMi 
a.— tf ID301t^501, fc.fctffiJJBS'X^Al 

^1 603) o lg5(Dii^lrli}§§r*fc^l'3.-+f|Cil 

*au cx^^/^1 6 0 4) . pt *j come* IZ\*$ ?T-m& 
titzumm^i s o 2$-ffj^vx j rAi i nzaia-r* 

{X^y?! 6 0 5) e 

[0 0 3 8] *KJfi<D»tB'Ctt. «J»«*1 5 O 2^ 40 

if 5 o irffl^r&fl^&c^ic^or. Mffltt* (#J 

*tf#>:7) ^HSlcir-^^^—^^ h 

* (^x^Attlix^^. BftltYttUtl let. ©J 

[0 0 3 9] 
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* z £ x-m or *x«w# BB^ts-e* 

[H®<DfW|ifcKiIB] 

[s 2] *«wta«Lfc*— ex««»^a>««*« 
is 3] *-exw«»^««»iz>*Lra«-r**DJH 

[B4] *ff*»izfe^r«**#L*^— *-b 

[B5] T-*»IA»icm*r»lA**iri**^5>h 
MMinif-*W«»tBtfc* ( 
[Be] #u «3Mw=fet^r«a**ir^«*- tf 

[B7] ^-*K»»rcfcL^r****ifc^5>nsa 

[B8] KIMfr ??:/hKa«ftB 

ffi-r— * ms Lt-mmmT'&z> 0 

[19] * 'J v/— eSBPlcfeL^riWRBA^It &4xfc»* 
0). ^-«*«*&**ftfcT-*M*LfcBB« 

[Bi o] -x-^aiMiHcfi^raiASJhri^aB*^ 
[bi i] «*««*if<Di-ificiiFRr-r*^«5-r*. 
ft io 

[Bi 2] 5 s — **«»i=feL^r*»**Lfc««T— * 
a>jfcSt**'*"B 

[Bi 3] f-*«»»6***ifcH»f-* MS 

[Bi 4] -9-— exf«jffl»3^6-y— e^a««i=3-7> 
k saa-r zmmo^m z £ s-r ? p — * * - h r & 

*. - 

[Bi 5] -y— ex«ffl»A^-y— tfxa«»i=a&*L 

TBI 6] =i-7>K««f»l-*5lt*»3ia)***t3F-r 

[»*©KW 

30 1-a— If I D, 3 0 K. 3 0 4-I 

SfcT— 3 0 5-a^>f^X 3 0 6»4t>t 

;utK£>. 5 0 1— * if. 5 o 2— ■BMJft^a^ 

A. 60 1-*tt*. 7 0 1- JE**nfc77^;k 8 

o 1 ;K>^EailJ®. 8 o 2— #>3^ffjhBB. so 

3— /{JU7fiaBB. B0 4-/^?BiI, 8 0 5 — 
*>3fffjh*4»>.. 150 1- a7>K, 1 502-M 
»a#. 1 503-^^, 1 5 04-«§f-^ 
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